32 lines
1.1 KiB
Plaintext
32 lines
1.1 KiB
Plaintext
As a rule of thumb, use the cryptographic algorithms and mechanisms that are
|
|
considered strong by the cryptographic community.
|
|
|
|
Appropriate choices are currently the following.
|
|
|
|
|
|
==== For AES: use authenticated encryption modes
|
|
|
|
The best-known authenticated encryption mode for AES is Galois/Counter mode
|
|
(GCM).
|
|
|
|
GCM mode combines encryption with authentication and integrity checks using a
|
|
cryptographic hash function and provides both confidentiality and authenticity
|
|
of data.
|
|
|
|
Other similar modes are:
|
|
|
|
* CCM: `Counter with CBC-MAC`
|
|
* CWC: `Cipher Block Chaining with Message Authentication Code`
|
|
* EAX: `Encrypt-and-Authenticate`
|
|
* IAPM: `Integer Authenticated Parallelizable Mode`
|
|
* OCB: `Offset Codebook Mode`
|
|
|
|
It is also possible to use AES-CBC with HMAC for integrity checks. However, it
|
|
is considered more straightforward to use AES-GCM directly instead.
|
|
|
|
==== For RSA: use the OAEP scheme
|
|
|
|
The Optimal Asymmetric Encryption Padding scheme (OAEP) adds randomness and a
|
|
secure hash function that strengthens the regular inner workings of RSA.
|
|
|